Federation over TCP streaming

Pablo described here a way to configure federation over TCP. In his approach he gets a SAML token from the STS and then uses that token to get a security context token, which is then used to provide the actual message security throughout the session.

Because message security only works in buffered mode, his approach is not suitable for a TCP streaming scenario. To enable federation along with TCP streaming, you have to use mixed-mode security (TransportWithMessageCredential) over TCP. Consider the following binding, which uses mixed-mode security.

<netTcpBinding>
  <binding name="tcp" transferMode="Streamed">
    <security mode="TransportWithMessageCredential">
      <message clientCredentialType="IssuedToken"/>
      <transport clientCredentialType="Windows"></transport>
    </security>
  </binding>
</netTcpBinding>

Now the trouble is that there is no way to configure STS settings in this binding configuration, so your only choice is to mimic the above settings in a custom binding.
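One way such a custom binding could look, as an added sketch rather than configuration from the original post. The binding names, the STS address and the issuer binding are placeholders, and the choice of `sslStreamSecurity` for transport protection is an assumption.

```xml
<bindings>
  <customBinding>
    <!-- "tcpFederated" is a hypothetical binding name -->
    <binding name="tcpFederated">
      <!-- Issued (SAML) token carried as the message credential,
           with confidentiality and integrity left to the transport -->
      <security authenticationMode="IssuedTokenOverTransport">
        <issuedTokenParameters
            tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
          <!-- Placeholder STS endpoint and binding: this is the issuer
               setting that netTcpBinding gives no place to configure -->
          <issuer address="https://sts.example.invalid/issue"
                  binding="wsHttpBinding"
                  bindingConfiguration="stsBinding"/>
        </issuedTokenParameters>
      </security>
      <binaryMessageEncoding/>
      <!-- Assumption: TLS stream upgrade supplies the transport protection.
           Use windowsStreamSecurity instead if the channel should be
           protected with Windows credentials. -->
      <sslStreamSecurity requireClientCertificate="false"/>
      <!-- Streaming stays enabled at the transport, as in the netTcpBinding above -->
      <tcpTransport transferMode="Streamed"/>
    </binding>
  </customBinding>
  <wsHttpBinding>
    <!-- Hypothetical binding used only to talk to the STS -->
    <binding name="stsBinding">
      <security mode="Message"/>
    </binding>
  </wsHttpBinding>
</bindings>
```

With `sslStreamSecurity` the service needs a certificate configured in its service credentials, and the client must be able to validate it.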